New tools help hack into iPhone

Hackers may ignore the Mac, but they're dancing with interest around iPhone - half the hackers at Black Hat carried one, report claims.

By
Robert McMillan
| 27 Sep 07

iPhone hackers have some new tools now, thanks to HD Moore, one of the developers of the Metasploit hacking software.

On Tuesday, Moore announced that he was supporting the iPhone within his Metasploit framework and released software that would allow hackers to run "shellcode" command prompts on Apple's mobile device.

By integrating the iPhone into Metasploit, it will now be a little easier for hackers to gain access to someone else's iPhone, but they will also need a few other tools to succeed. First, they will need to create working exploit code, which takes advantage of bugs in Apple's software, to trick the device into running the shellcode. They will also need to create more sophisticated "payload" applications that can do things like remotely connect with the hacker. "It's a first step," Moore said of his hack.

With iPhone prices dropping and noticeable improvements in the quality of iPhone hacking tools, Apple's phone has become a more interesting target of late, Moore said.

And the iPhone has obviously hit a nerve in the security community. Moore said that about a quarter of the attendees at the recent Black Hat conference in Las Vegas had the devices. "It's trendy," he said. "It kind of creeped me out when I saw how many people had iPhones when I went to Vegas."

In fact, hackers have already developed a number of exploits that they claim could be used on the iPhone's Safari browser.

And security researchers have even demonstrated how the iPhone can be compromised. In July, a Baltimore, Maryland, company called Independent Security Evaluators showed how it could run unauthorized software on an iPhone by taking advantage of a Safari bug.

Moore believes that the iPhone's browser and mail client will be the best sources of bugs and he said that because of the components and information stored on the phone, it may end up being a more attractive target than the PC.

For example, the phone could be used to track someone's location based on information from cell phone towers. Throw in the iPhone's microphone, camera and an internet connection, and you suddenly have a device that could be used to secretly keep tabs on people, Moore said. "If you look at what you get by exploiting someone's iPhone, you actually get a lot more than you do from someone's PC a lot of the time," he said.